Several months ago I got a notion for a potentially enormous programming project I wanted to undertake. I've spent bits of time on and off implementing it, and it has come quite far. The last thing I want to do is stop all of the exciting work to document it, but after some reflection, that is the thing that it most obviously needs right now.
What follows might be crazy-town, but it still seems pretty neat to me.
What Is SandboxOS?
I struggle to find a comparison that does it justice, but I keep trying:
- a webapp for making webapps.
- like node.js but with a mobile app security model.
- like an operating system but built on top of a few key user-space platform abstraction layers and interfacing with web browsers instead of talking directly to hardware for I/O.
- like Wikipedia for applications.
Nuts and Bolts
- It uses libuv, from node.js, to interact with the OS when possible.
- Each application runs as a separate process, as a first step toward implementing Google Chrome's Sandbox architecture.
- Applications can interact with other applications by calling exported functions, provided that they have requested and been granted permission to do so.
The Last Thing I Wanted
- Web browsers are by far the most widespread use of a sandboxed runtime that I could find. Plainly, I want to force an opt-in decision whether an application can invoke any individual thing outside of the application.
- I looked at a few attempts at sandboxes for languages like Perl, Python, and Ruby, but it was clear that sandboxed execution was so far from the goal of those runtimes that it was a lost cause. I even passed up on node.js for the same reason - it was easier to start from scratch than to audit and secure everything there. The few approaches that looked sound were not portable or incomplete.
- I know that Java and .NET make security claims, but I ruled them out early, because the security models seemed far from anything I could leverage for my specific needs, and the licensing and portability concerns are still pretty huge.
- Web browsers run untrusted code all of the time. They crash tabs and eat memory, but at the end of the day, they are the one example of sandboxing I could find that are essentially globally relied upon.
Circles and Arrows
Below is the bigger picture that I see this all fitting into. The interesting thing to me is not what I specifically imagine this thing doing but what little effort in implementing a few small parts it has taken to enable these sorts of things.
I intend to follow this up with related posts on more focused topics. If nothing else, this project has forced me to learn at least a little bit more about a lot of things I wouldn't have otherwise interacted much with:
For now, some SandboxOS links: